[Snort-users] Interesting

Lay, James james.lay at ...15009...
Tue Dec 11 17:02:11 EST 2012


Thanks Elz...nice to know someone is looking at it :)

James


From: beenph [mailto:beenph at ...11827...] 
Sent: Tuesday, December 11, 2012 10:10 AM
To: Lay, James
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Interesting

On Tue, Dec 11, 2012 at 9:59 AM, Lay, James <james.lay at ...15009...>
wrote:
>
> http://code.google.com/p/topera/
>
> "invisible to snort"

Seems like it's only chaining IPv6 Extension Header - Destination
Options Header using Scapy.

ipeh = IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()

And the tool should trigger  

  DecoderEvent(p, DECODE_IP6_EXCESS_EXT_HDR,
                     DECODE_IP6_EXCESS_EXT_HDR_STR,
                     1, 1);

#define IP6_EXTMAX               8

;)

-elz
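
The check described in the message above, as an added example that is not part of the original thread and is not Snort's code: it walks the IPv6 extension header chain of a raw packet and flags chains longer than the quoted IP6_EXTMAX of 8. The function names, the constructed sample packets, and the "more than the limit" comparison are assumptions.

```python
import struct

IP6_EXTMAX = 8  # limit quoted in the message above

LEN8 = {0, 43, 60}        # hop-by-hop, routing, destination options
FRAGMENT, AH = 44, 51


def count_ext_headers(packet: bytes):
    """Walk the chain; return (count, next_header_reached, truncated)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, count = packet[6], 40, 0
    while nxt in LEN8 or nxt in (FRAGMENT, AH):
        if off + 8 > len(packet):
            return count, nxt, True
        if nxt in LEN8:
            size = (packet[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            size = 8
        else:  # AH length is in 4-byte units, minus 2
            size = (packet[off + 1] + 2) * 4
        if off + size > len(packet):
            return count, nxt, True
        count += 1
        nxt, off = packet[off], off + size
    return count, nxt, False


def excess_ext_headers(packet: bytes, limit: int = IP6_EXTMAX) -> bool:
    # Assumption: alert when the chain is longer than the limit.
    return count_ext_headers(packet)[0] > limit


def sample_packet(n: int) -> bytes:
    """Constructed input: IPv6 + n Destination Options headers + UDP header."""
    ext = b"".join(
        bytes([60 if i < n - 1 else 17, 0, 1, 4, 0, 0, 0, 0])  # PadN padding
        for i in range(n))
    payload = ext + struct.pack("!HHHH", 1024, 53, 8, 0)
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), 60 if n else 17, 64)
    addr = bytes(15) + b"\x01"  # ::1, constructed
    return hdr + addr + addr + payload


if __name__ == "__main__":
    for n in (8, 9):
        print(n, count_ext_headers(sample_packet(n)), excess_ext_headers(sample_packet(n)))
```

A chain that is cut off mid-header comes back with the truncated flag set, which is worth alerting on separately from the length check.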

 
